Question Modem/Router Web Activity Log Shows Heavy Activity From 0.66.0.0

Jul 28, 2023
Hi all,

I recently found this site and am newly focused on my home network's security settings. Upon review of my web activity log, I see activity about every second from a website recorded as 0.66.0.0. I do not think that's a real URL. I tried to block that address in my settings, but the config page says that's an invalid address. What should I do to prevent attacks from what appear to be spoofed IP addresses? I do not see any unknown devices in my device table, so I don't think I'm breached.

I am on Centurylink Fiber internet and using their standard modem/router (don't want to post any unnecessary model numbers, but will do so if it's important). Their firewall is set to high and it's in Stealth Mode. Win 10 Home with all updates. No other security measures. Am I at risk? How can I determine the real URL that's showing activity?

Thanks to all for any helpful info!

Bruce
 
0.66.0.0 - not something that I would expect to see on a private network.

Is that activity incoming or outgoing? As I understand your post I think incoming.

FYI:

https://www.lifewire.com/what-is-a-private-ip-address-2625970

No harm in posting the modem/router model number. Likely to be using one of the commonly used private IP addresses. My Linksys router uses 192.168.1.1 as do thousands of other home network routers/gateways.

What you do want to protect is your public IP address.

FYI:

https://www.myip.com/

Are you able to take a screenshot of the web activity log and post the screenshot here via imgur (www.imgur.com)?

Looking back through the log - when did the activity begin? Date?

Also, FYI:

https://ipwhoisinfo.com/ip/0.66.0.0
 
Thanks for the answering info...

The modem (although in truth, it's just a router, the ONT provides ethernet to it, no demodulation needed) is the C40000XG.

I just determined the 0.66.0.0 address only shows up when my iOmega NAS is on (static private IP address 192.168.0.12).
This is what the Help says about the log I'm viewing:
"Web Activity Log provides a comprehensive list of websites visited from your CenturyLink High-Speed Internet modem. The list will provide the LAN device that visited the website."


So it sounds like it's tracking outbound IP addresses and for some reason the NAS is contacting the weird site.

Here is what the log looks like:
Date        Time          IP Address   Website
7/28/2023   10:10:32 PM   0.66.0.0     0.66.0.0
7/28/2023   10:10:31 PM   0.66.0.0     0.66.0.0
7/28/2023   10:10:25 PM   0.66.0.0     0.66.0.0
7/28/2023   10:10:24 PM   0.66.0.0     0.66.0.0
7/28/2023   10:10:18 PM   0.66.0.0     0.66.0.0
7/28/2023   10:10:17 PM   0.66.0.0     0.66.0.0
7/28/2023   10:10:11 PM   0.66.0.0     0.66.0.0
7/28/2023   10:10:10 PM   0.66.0.0     0.66.0.0
 
Pattern: two log entries one second apart with the entry "pair" repeating 6 seconds apart. Not random.

And the only problem with the NAS is the log entries.

No problems with reading or writing data to the NAS - correct? No NAS performance problems as I understand thus far.

Which model iOmega NAS? Do you have the User Guide/Manual? And Admin rights?

Do you have any USB device(s) connected to the NAS or the modem/router for that matter?

The NAS is using a wired Ethernet connection to the Modem/Router using one of the four yellow LAN ports - correct? What, if anything (ONT?) is connected to the WAN/LAN port? No wireless or wireless disabled - correct?

What was the basis for using 192.168.0.12 for the NAS's static IP? Is it certain that that IP address is not being duplicated? Is the IP address outside of the available modem/router DHCP IP address range and/or reserved for the NAS?

Two general thoughts at this time (there may be other ideas and suggestions):

1) The NAS is not correctly configured - may be trying to "phone home", find an update, or email out some error notification.

2) The NAS firmware is out of date, buggy, or corrupted.

Is all of the data on the NAS also backed up to another location and verified as recoverable and readable?
 
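An added example, not part of any post in this thread: it runs the two checks discussed above over the posted log rows, namely whether the entries follow a fixed timing cycle (timer-driven rather than someone browsing) and whether the logged destination falls in 0.0.0.0/8, which is reserved and cannot be a real remote site. The function names and the space-separated row layout are assumptions made for the example.

```python
import ipaddress
from datetime import datetime

# Rows taken from the log posted in the thread, columns separated by spaces.
LOG = """\
7/28/2023 10:10:32 PM 0.66.0.0 0.66.0.0
7/28/2023 10:10:31 PM 0.66.0.0 0.66.0.0
7/28/2023 10:10:25 PM 0.66.0.0 0.66.0.0
7/28/2023 10:10:24 PM 0.66.0.0 0.66.0.0
7/28/2023 10:10:18 PM 0.66.0.0 0.66.0.0
7/28/2023 10:10:17 PM 0.66.0.0 0.66.0.0
7/28/2023 10:10:11 PM 0.66.0.0 0.66.0.0
7/28/2023 10:10:10 PM 0.66.0.0 0.66.0.0
"""

# 0.0.0.0/8 is reserved for "this network" (RFC 1122); never a routable remote host.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

def parse(log):
    """Return (timestamp, destination) pairs, oldest first; skip malformed lines."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:
            ts = datetime.strptime(" ".join(parts[:3]), "%m/%d/%Y %I:%M:%S %p")
            rows.append((ts, ipaddress.ip_address(parts[3])))
    return sorted(rows, key=lambda r: r[0])

def gaps(rows):
    """Seconds between consecutive entries."""
    times = [ts for ts, _ in rows]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def cycle_length(seq, tolerance=0):
    """Smallest k for which the gap sequence repeats every k entries, else None."""
    for k in range(1, len(seq) // 2 + 1):
        if all(abs(seq[i] - seq[i + k]) <= tolerance for i in range(len(seq) - k)):
            return k
    return None

def summarize(log):
    rows = parse(log)
    return {
        "gaps": gaps(rows),
        "cycle": cycle_length(gaps(rows)),  # short fixed cycle = timer, not a person
        "non_routable": sorted({str(ip) for _, ip in rows if ip in THIS_NETWORK}),
    }

print(summarize(LOG))
```

On a longer export, raise `tolerance` to a second or two so that clock jitter in the router's timestamps does not hide the cycle.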
Thanks @Ralston18, your helpful questions and info have helped solve the mysterious activity. I upgraded the FW and turned off all services and old copy jobs and the activity has ceased.

When I got it some years ago, I tried to get it to connect with my wife's iMac and automatically perform some backups, so I had a bunch of stuff turned on and configured, but nothing really worked the way I wanted it to. Especially connecting with that iMac, which was intractable. She now uses Cloud services for her work, which is pretty infrequent. I turn on the NAS every week or two and use SyncToy to run my backups manually. We're retired, and don't really do much anymore, but we do keep track of our investments and have plenty of family photos and videos to safeguard. I just got a 2TB HDD to BU the NAS and will now establish how much cloud or offsite storage I need to be completely protected.

Thanks again for your help, I really should have backed out all those things I tried years ago. That iOmega StorCenter ix2-200 (2TB) was a gift and has been out of support for many years, but it just keeps chugging along. It's nice to see some HW which just keeps working, even if it's no longer supported. iOmega was acquired by Lenovo who just dropped the old stuff on the side of the road, figuratively speaking.

I'll answer one of your questions here, because it's generally security-related: I assigned static IP addresses and names to all my devices so I could easily recognize any foreign devices in my device table.